Re: Preparing Debian for using capabilities: file ownership.
Previously Nicolás Lichtmaier wrote:
> It seems that in order to take full advantage of capabilities, files should
> not be owned by root. Files should be owned by a non-login user (e.g. bin).
I don't believe that is true at all. Can you explain why you think that
would be advantageous?
> That's because root will be just another user, with its set of
> capabilities, and you may like to prevent him from altering system files.
Crap, you just moved that problem to another account and gained nothing.
> As this is a major change, we'd better start now. This will also help
> people who want to implement a capabilities setup before we do...
We can't implement capabilities now anyway, since we don't have a kernel
with a filesystem that supports them.
Wichert.
--
________________________________________________________________
/ Generally uninteresting signature - ignore at your convenience \
| wichert@liacs.nl http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
Reply to: